php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #49622 allow usage of json and/or php standard serialize format for sessions
Submitted: 2009-09-22 12:14 UTC Modified: 2013-08-10 09:19 UTC
Votes:4
Avg. Score:5.0 ± 0.0
Reproduced:3 of 3 (100.0%)
Same Version:3 (100.0%)
Same OS:1 (33.3%)
From: giunta dot gaetano at gmail dot com Assigned: yohgaki (profile)
Status: Wont fix Package: Session related
PHP Version: 5.3.0 OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: giunta dot gaetano at gmail dot com
New email:
PHP Version: OS:

 

 [2009-09-22 12:14 UTC] giunta dot gaetano at gmail dot com 
Description:
------------
The current session_decode() function is good when the user needs to decode a serialized session string, but it
- needs to have session_start() called beforehand
- has an impact on the current session state

A lot of comments in the php man pages for unserialize() and session_decode() are from users trying to write a preg_ based decoder of session data (and failing).

A new function that session_decode_to_array() that
- returned the deserialized data as an array
- did not impact current session state
would imho be quite useful (or adding a flag param to the existing function, to the same effect)

Since this feat. request has already been filed and closed as bogus (http://bugs.php.net/bug.php?id=42725), what I am proposing here is slightly different: besides 'wddx' and 'php', allow usage of 'json' and 'serialize' as native serialization formats for session data - the latter corresponding to the native serialize function.

If there is some information loss involved in using those two formats (ie. references), just make it clear in the docs.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-11-24 11:04 UTC] jani@php.net
-Package: Feature/Change Request +Package: Session related
 [2010-11-24 11:04 UTC] jani@php.net
-Operating System: !important +Operating System: *
 [2011-02-02 20:49 UTC] lealcy at gmail dot com 
Just add a second parameter to the existing function: $overwrite_session = true. 
This avoid create a extra function and doesn't break any existing code.
 [2012-03-31 03:50 UTC] yohgaki@php.net 
JSON cannot be used (e.g. can't handle binary well) May be BSON?

Plain serializer will be added.
 [2012-03-31 03:50 UTC] yohgaki@php.net
-Assigned To: +Assigned To: yohgaki
 [2013-08-10 09:08 UTC] yohgaki@php.net 
Related To: Bug #65359
 [2013-08-10 09:19 UTC] yohgaki@php.net
-Status: Assigned +Status: Wont fix
 [2013-08-10 09:19 UTC] yohgaki@php.net 
I considered adding JSON and BSON serializer and come to conclusion that would 
not worth implementing it.

JSON is text based serializer and cannot handle binary well. Therefore, all 
strings in $_SESSION array has be preprocessed by base64encode. Reverse 
operation is required when decoding. I think it just do not worth it.

If one would like to use BSON, they may simply use MongoDB as session data 
storage. It seems there are number of session save handlers.

https://github.com/nicktacular/php-mongo-session

Users can retrieve BSON from MongoDB.

There will be "php_serialize" serialize handler if you need better serializer 
that communicate with other systems. 

PERL: http://search.cpan.org/~bobtfish/PHP-Serialization-
0.34/lib/PHP/Serialization.pm
Python: https://pypi.python.org/pypi/phpserialize
Ruby: https://github.com/jqr/php-serialize
Lua: 
http://gitorious.org/nutria/seawolf/blobs/bfb9beb250176103f8b02c7fb938b3a09abf89
55/variable/serialize/serialize.lua

Use "php_serialize" instead.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 06:01:29 2024 UTC